[Original] All-in-One anti-virus, creating a manual anti-virus expert

Niang xipi, I haven't written an article for a long time. I am so lazy. Today I will introduce the manual anti-virus service. I will talk about it in the group very early. Let's take a look at it in detail today.
First of all, the premise is that your system partition is NTFS. If not, alas, uncle, you have already fallen behind a lot. Change it now (except cracker)
What is the most disturbing thing about viruses? Nnd is the starting method, day, in the same way. There are several starting methods that work together to make you feel a headache, but no matter how many starting methods, generally, there are several fixed EXE, sys, or DLL targets to be started. Find them and disable nnd. Start them and see how you start them.
Later, let's talk about how to disable file startup and how to find the virus startup source.
Recommended detection tools:
Autoruns
Http://www.sysinternals.com/Files/Autoruns.zip
Icesword
Http://www.xfocus.net/tools/200605/1161.html
Autoruns please do not download the Chinese version of J8 hair, the original green software, was installed with an installation package, and added some 3721 class rogue plug-ins, unhappy with it
Autoruns + icesword: I can't say I can find all viruses and rootkits, but I think at least 95% of them can be found. autoruns is used to check all startup projects of the system, and icesword is used to check some rootkits.

After finding the available source, such as c: \ windows \ system32 \ xx.exe
You can use cacls c: \ windows \ system32 \ xx.exe/d everyone
Deny all users' access to modified files
Partitions of FAT32 are not supported.
Some viruses have hidden and system attributes.
You can cancel the attribute before cacls.
Attrib-s-h c: \ windows \ system32 \ xx.exe

Disable restart and delete invalid start in autoruns. if the source of the virus is not started and the start is deleted, it will not be restored.
This method can also deal with the spam plug-ins, 3721, Kaka assistant or something.
It is recommended that McAfee be installed for anti-virus software, which occupies a relatively small amount of resources.